From 02929551ee8e379111e64591a1aa79871dea8aaa Mon Sep 17 00:00:00 2001 From: redfast00 Date: Tue, 7 May 2019 22:45:05 +0200 Subject: [PATCH] Actually authenticate now --- app/controllers/application_controller.rb | 31 +++++++++++++++++++++++ app/controllers/users_controller.rb | 15 +++-------- python_api_example/dagschotel.py | 15 +++++++++++ 3 files changed, 49 insertions(+), 12 deletions(-) create mode 100644 python_api_example/dagschotel.py diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index b9d8db7..b529c45 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -1,5 +1,13 @@ class ApplicationController < ActionController::Base protect_from_forgery with: :exception + skip_before_action :verify_authenticity_token, if: :api_request? + before_filter :authenticate_user_from_token! + before_filter :authenticate_user! + before_filter :set_user! + + def api_request? + (user_token.present?) && request.format.json? + end rescue_from CanCan::AccessDenied do |exception| respond_to do |format| @@ -25,4 +33,27 @@ class ApplicationController < ActionController::Base exception.message end end + + def authenticate_user_from_token! + user = user_token + + if user + # Notice we are passing store false, so the user is not + # actually stored in the session and a token is needed + # for every request. If you want the token to work as a + # sign in token, you can simply remove store: false. + sign_in user, store: false + end + end + + def set_user! + @user = current_user + end + + def user_token + @user_token ||= authenticate_with_http_token do |token, options| + User.find_by userkey: token + end + end + end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index efc8b42..189106b 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -21,8 +21,7 @@ # class UsersController < ApplicationController - load_and_authorize_resource except: :show - before_action :init, only: :show + load_and_authorize_resource def show respond_to do |format| @@ -43,6 +42,7 @@ class UsersController < ApplicationController redirect_to @user end format.js { head :ok } + format.json { render json: @user } end else respond_to do |format| @@ -52,6 +52,7 @@ class UsersController < ApplicationController render 'show' end format.js { head :bad_request } + format.json { "Update failed!"} end end end @@ -84,16 +85,6 @@ class UsersController < ApplicationController params.fetch(:user, {}).permit(:avatar, :private, :dagschotel_id, :quickpay_hidden) end - def init - @user ||= current_user || user_token || User.new - end - - def user_token - @user_token ||= authenticate_with_http_token do |token, options| - User.find_by userkey: token - end - end - def reset_key @user.generate_key! redirect_to @user diff --git a/python_api_example/dagschotel.py b/python_api_example/dagschotel.py new file mode 100644 index 0000000..75478a9 --- /dev/null +++ b/python_api_example/dagschotel.py @@ -0,0 +1,15 @@ +import requests + + +base_url = 'http://localhost:3000' +user = 'j' +user_token = 'uiUTrjuD3ZSft6s8JD9S4g==' + +headers = {'Authorization': f'Token token={user_token}'} +dagschotel_id = 1 + +r = requests.put(f'{base_url}/users/{user}.json', headers=headers, json={'dagschotel_id': 20}) +print(r.text) + +r = requests.get(f'{base_url}/users/{user}.json', headers=headers) +print(r.text)